Use base64.urlsafe_b64encode() instead of manual specification of chars

This makes for better readability, and is exactly the same functionality... Pointed out by Jacob Champion
2025-07-25 16:02:27 +00:00 · 2025-06-04 10:56:33 +02:00
parent de76f82f62
commit e48157dac3
3 changed files with 25 additions and 25 deletions
--- a/pgweb/account/views.py
+++ b/pgweb/account/views.py
@ -729,9 +729,9 @@ def communityauth(request, siteid):
        encryptor = AES.new(base64.b64decode(site.cryptkey), AES.MODE_SIV, nonce=nonce)
        cipher, tag = encryptor.encrypt_and_digest(s.encode('ascii'))
        redirparams = {
-            'd': base64.b64encode(cipher, b"-_").decode('ascii'),
+            'd': base64.urlsafe_b64encode(cipher),
-            'n': base64.b64encode(nonce, b"-_").decode('ascii'),
+            'n': base64.urlsafe_b64encode(nonce),
-            't': base64.b64encode(tag, b"-_").decode('ascii'),
+            't': base64.urlsafe_b64encode(tag),
        }
    else:
        # v2 = plain AES
@ -741,8 +741,8 @@ def communityauth(request, siteid):
        encryptor = AES.new(base64.b64decode(site.cryptkey), AES.MODE_CBC, iv)
        cipher = encryptor.encrypt(s.encode('ascii') + b' ' * (16 - (len(s) % 16)))  # Pad to even 16 bytes
        redirparams = {
-            'i': base64.b64encode(iv, b"-_").decode('ascii'),
+            'i': base64.urlsafe_b64encode(iv),
-            'd': base64.b64encode(cipher, b"-_").decode('ascii'),
+            'd': base64.urlsafe_b64encode(cipher),
        }
    # Generate redirect
@ -794,9 +794,9 @@ def _encrypt_site_response(site, s, version):
        cipher, tag = encryptor.encrypt_and_digest(s.encode('ascii'))
        return "&".join((
-            base64.b64encode(nonce, b'-_').decode('ascii'),
+            base64.urlsafe_b64encode(nonce).decode('ascii'),
-            base64.b64encode(cipher, b'-_').decode('ascii'),
+            base64.urlsafe_b64encode(cipher).decode('ascii'),
-            base64.b64encode(tag, b'-_').decode('ascii'),
+            base64.urlsafe_b64encode(tag).decode('ascii'),
        ))
    else:
        # Encrypt it with the shared key (and IVs)
@ -806,8 +806,8 @@ def _encrypt_site_response(site, s, version):
        cipher = encryptor.encrypt(s.encode('ascii') + b' ' * (16 - (len(s) % 16)))  # Pad to even 16 bytes
        return "&".join((
-            base64.b64encode(iv, b'-_').decode('ascii'),
+            base64.urlsafe_b64encode(iv).decode('ascii'),
-            base64.b64encode(cipher, b'-_').decode('ascii'),
+            base64.urlsafe_b64encode(cipher).decode('ascii'),
        ))
--- a/tools/communityauth/sample/django/auth.py
+++ b/tools/communityauth/sample/django/auth.py
@ -83,9 +83,9 @@ def login(request):
        return HttpResponseRedirect("%s?%s" % (settings.PGAUTH_REDIRECT, urlencode({
            'd': '$'.join((
-                base64.b64encode(nonce, b"-_").decode('utf8'),
+                base64.urlsafe_b64encode(nonce).decode('utf8'),
-                base64.b64encode(cipher, b"-_").decode('utf8'),
+                base64.urlsafe_b64encode(cipher).decode('utf8'),
-                base64.b64encode(tag, b"-_").decode('utf8'),
+                base64.urlsafe_b64encode(tag).decode('utf8'),
            )),
        })))
    else:
@ -119,11 +119,11 @@ def auth_receive(request):
        decryptor = AES.new(
            base64.b64decode(settings.PGAUTH_KEY),
            AES.MODE_SIV,
-            nonce=base64.b64decode(str(request.GET['n']), "-_"),
+            nonce=base64.urlsafe_b64decode(str(request.GET['n'])),
        )
        s = decryptor.decrypt_and_verify(
-            base64.b64decode(str(request.GET['d']), "-_"),
+            base64.urlsafe_b64decode(str(request.GET['d'])),
-            base64.b64decode(str(request.GET['t']), "-_"),
+            base64.urlsafe_b64decode(str(request.GET['t'])),
        ).rstrip(b' ').decode('utf8')
    except UnicodeDecodeError:
        return HttpResponse("Badly encoded data found", 400)
@ -215,11 +215,11 @@ We apologize for the inconvenience.
        decryptor = AES.new(
            SHA256.new(settings.SECRET_KEY.encode('ascii')).digest()[:32],
            AES.MODE_SIV,
-            nonce=base64.b64decode(nonces, b"-_"),
+            nonce=base64.urlsafe_b64decode(nonces),
        )
        s = decryptor.decrypt_and_verify(
-            base64.b64decode(datas, "-_"),
+            base64.urlsafe_b64decode(datas),
-            base64.b64decode(tags, "-_"),
+            base64.urlsafe_b64decode(tags),
        ).rstrip(b' ').decode('utf8')
        try:
            rdata = parse_qs(s, strict_parsing=True)
@ -331,11 +331,11 @@ def user_search(searchterm=None, userid=None):
    decryptor = AES.new(
        base64.b64decode(settings.PGAUTH_KEY),
        AES.MODE_SIV,
-        nonce=base64.b64decode(nonces, "-_")
+        nonce=base64.urlsafe_b64decode(nonces)
    )
    s = decryptor.decrypt_and_verify(
-        base64.b64decode(datas, "-_"),
+        base64.urlsafe_b64decode(datas),
-        base64.b64decode(tags, "-_"),
+        base64.urlsafe_b64decode(tags),
    ).rstrip(b' ').decode('utf8')
    j = json.loads(s)
--- a/tools/communityauth/test_auth.py
+++ b/tools/communityauth/test_auth.py
@ -63,9 +63,9 @@ if __name__ == "__main__":
    cipher, tag = encryptor.encrypt_and_digest(s.encode('ascii'))
    redirparams = {
-        'd': base64.b64encode(cipher, b"-_").decode('ascii'),
+        'd': base64.urlsafe_b64encode(cipher).decode('ascii'),
-        'n': base64.b64encode(nonce, b"-_").decode('ascii'),
+        'n': base64.urlsafe_b64encode(nonce).decode('ascii'),
-        't': base64.b64encode(tag, b"-_").decode('ascii'),
+        't': base64.urlsafe_b64encode(tag).decode('ascii'),
    }
    print("Paste the following after the receiving url:")